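I. Introduction to Docker

Docker is built on the Linux kernel. It originally used LXC, the container technology natively supported by Linux, which provides lightweight virtualization. Docker can be said to have grown out of LXC: it offered a high-level wrapper around LXC with a standard way of configuring it, and added a range of more powerful features on top. The virtualization technology KVM (Kernel-based Virtual Machine), by contrast, is implemented as a module. Docker later switched to runc, which it developed and open-sourced itself, to run containers, and dropped LXC entirely.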


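1. Components of Docker

Docker host (Host): a physical or virtual machine that runs the Docker service process and containers; also called the host machine or node.

Docker server (Server): the Docker daemon, which runs Docker containers.

Docker client (Client): the client calls the Docker API using the docker command or other tools.

Docker images (Images): an image can be thought of as the template used to create an instance; in essence it is a collection of program files.

Docker registry (Registry): the repository that stores images. The official registry is https://hub.docker.com/; a private registry can be set up with Harbor.

Docker container (Container): a container is one service or a group of services created from an image and offered externally; in essence it is the process produced when the programs in the image are started.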

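2. Namespace

Namespaces are a low-level Linux concept implemented in the kernel: several different types of namespace are built into the kernel. All Docker containers run under the same Docker main process and share the same host kernel, and each container runs in the host's user space. Every container needs an isolated runtime space of its own, much as a virtual machine has. Container technology, however, provides the runtime environment for a given service inside a process, and it also protects the host kernel from interference by other processes, covering the filesystem space, network space, process space and so on. At present, isolation between container runtime spaces is achieved mainly through the following technologies: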
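The kernel exposes each process's namespace membership as symlinks under /proc/<pid>/ns, so the isolation described above can be checked directly. The following is an added example, not part of the original post; the function names `shared_namespaces` and `host_sharing` are hypothetical.

```shell
#!/bin/sh
# Added example: find which namespaces two processes have in common.
# /proc/<pid>/ns/<type> is a symlink such as "net:[4026531992]"; two
# processes are in the same namespace when the link targets are identical.

# shared_namespaces NS_DIR_A NS_DIR_B
#   Prints the namespace types (space-separated) that both directories,
#   e.g. /proc/1/ns and /proc/<container-pid>/ns, point to in common.
shared_namespaces() (
    shared=""
    for type in cgroup ipc mnt net pid user uts; do
        # Older kernels do not expose every type; skip missing links.
        [ -L "$1/$type" ] && [ -L "$2/$type" ] || continue
        if [ "$(readlink "$1/$type")" = "$(readlink "$2/$type")" ]; then
            shared="$shared${shared:+ }$type"
        fi
    done
    printf '%s\n' "$shared"
)

# host_sharing HOST_NS_DIR CONTAINER_NS_DIR
#   Prints the subset of net/pid/ipc shared with the host and returns 0 if
#   there is any; this is what --net=host, --pid=host and --ipc=host produce.
host_sharing() (
    risky=""
    for type in $(shared_namespaces "$1" "$2"); do
        case $type in
            net|pid|ipc) risky="$risky${risky:+ }$type" ;;
        esac
    done
    printf '%s\n' "$risky"
    [ -n "$risky" ]
)

# Stand-alone run (as root, to read other processes' links): compare the
# PID given as $1, or this shell, with PID 1.
if [ -d /proc/1/ns ]; then
    echo "shared with PID 1: $(shared_namespaces /proc/1/ns "/proc/${1:-$$}/ns")"
fi
```

With Docker's default settings the user namespace is shared with the host, so `user` appearing in the first function's output is expected.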


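3. Control groups

The main job of cgroups is to cap the resources a group of processes can use, including CPU, memory, disk, network bandwidth and so on. Cgroups can also set process priorities, account for resource usage, and control processes (for example, suspending and resuming them).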
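On CentOS 7 these ceilings are plain files in the cgroup v1 hierarchy, which makes it easy to see whether a container was started without any limit. The following is an added example, not part of the original post; the function names are hypothetical, and the `docker/<container-id>` group path assumes the cgroupfs driver.

```shell
#!/bin/sh
# Added example: read the cgroup v1 limits that apply to one group and
# report which resources have no ceiling.

# read_limit FILE UNLIMITED
#   Prints the limit, "unlimited" if it equals the kernel's no-limit value,
#   or "n/a" if the controller file is absent.
read_limit() {
    if [ ! -r "$1" ]; then
        printf 'n/a'
    elif [ "$(cat "$1")" = "$2" ]; then
        printf 'unlimited'
    else
        cat "$1"
    fi
}

# cgroup_limits ROOT REL
#   ROOT: cgroup v1 mount point (/sys/fs/cgroup on CentOS 7)
#   REL:  group path below each controller. Assumption: docker/<container-id>
#         with the cgroupfs driver; otherwise use what /proc/<pid>/cgroup shows.
cgroup_limits() {
    # 9223372036854771712 is the "no limit" value of the v1 memory controller
    # on x86_64; -1 and "max" play the same role for CPU quota and pids.
    printf 'memory=%s\n' \
        "$(read_limit "$1/memory/$2/memory.limit_in_bytes" 9223372036854771712)"
    printf 'cpu_quota_us=%s\n' "$(read_limit "$1/cpu/$2/cpu.cfs_quota_us" -1)"
    printf 'pids=%s\n' "$(read_limit "$1/pids/$2/pids.max" max)"
}

# unbounded ROOT REL
#   Prints the names of the resources that have no limit set.
unbounded() {
    cgroup_limits "$1" "$2" | sed -n 's/=unlimited$//p' | paste -s -d ' ' -
}

# Stand-alone run: limits of the root group, or of the REL given as $1.
if [ -d /sys/fs/cgroup/memory ]; then
    cgroup_limits /sys/fs/cgroup "${1:-.}"
fi
```

A container started with `docker run -m 256m --cpus 0.5` shows `memory=268435456` and `cpu_quota_us=50000` here; one started with no resource flags shows `unlimited` for both.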



II. CentOS 7 Basic Configuration

# Set the hostname
[root@c7-docker-node1-71 ~]# hostnamectl set-hostname c7-docker-node1-71

# Set a static IP
[root@c7-docker-node1-71 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE="Ethernet"
BOOTPROTO="none"
IPADDR=172.29.7.11
PREFIX=24
GATEWAY=172.29.7.254
DNS1=114.114.114.114
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"

# Restart the network interface
[root@c7-docker-node1-71 ~]# nmcli connection reload ;nmcli connection up ens33 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

# Set SELinux to permissive (warning) mode
[root@c7-docker-node1-71 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
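# disabled: the control system is not enabled.
# permissive: the control system is on, but in warning mode. Policy violations are allowed to proceed, but they are logged.
# enforcing: the control system is on and enforced. Any operation that violates policy is blocked.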
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

# Switch SELinux to permissive mode at runtime
[root@c7-docker-node1-71 ~]# setenforce 0

# Permanently disable the firewall
[root@c7-docker-node1-71 ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

# Set the time zone
[root@c7-docker-node1-71 ~]# timedatectl set-timezone Asia/Shanghai

# Time synchronization
[root@c7-docker-node1-71 ~]# cat /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Changed to the Alibaba Cloud time server
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

....

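# Restart, enable at boot, and check whether it took effect
# (a source marked ^* with a non-zero Reach is synchronized; ^? with Reach 0 has not answered)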
[root@c7-docker-node1-71 ~]# systemctl restart chronyd
[root@c7-docker-node1-71 ~]# systemctl enable --now chronyd
[root@c7-docker-node1-71 ~]# chronyc -n sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 173.255.248.194               0   7     0     -     +0ns[   +0ns] +/-    0ns


III. Installing Docker

1. Installing with yum

[root@c7-docker-node1-71 ~]# yum list docker --showduplicates 
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.bupt.edu.cn
 * extras: mirrors.bupt.edu.cn
 * updates: mirrors.bupt.edu.cn
Available Packages
docker.x86_64                                                        2:1.13.1-102.git7f2769b.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-103.git7f2769b.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-108.git4ef4b30.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-109.gitcccb291.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-161.git64e9980.el7_8                                                             extras
docker.x86_64                                                        2:1.13.1-162.git64e9980.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-203.git0be3e21.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-204.git0be3e21.el7                                                               extras
docker.x86_64                                                        2:1.13.1-205.git7d71120.el7.centos                                                        extras
docker.x86_64                                                        2:1.13.1-206.git7d71120.el7_9                                                             extras
docker.x86_64                                                        2:1.13.1-208.git7d71120.el7_9                                                             extras
docker.x86_64                                                        2:1.13.1-209.git7d71120.el7.centos 

# Downloading from the official repository is too slow
# Switch to the Alibaba Cloud mirror here
#https://developer.aliyun.com/mirror/docker-ce?spm=a2c6h.13651102.0.0.57e31b11OBQGW7

# Step 1: Install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: Add the repository
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: Point the repo file at the Aliyun mirror
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: Refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 5: Start the Docker service
sudo service docker start

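# Note:
# The official repository enables the latest software by default; you can get other versions of the packages by editing the repo file. For example, the repository for test releases is not enabled by default, and you can turn it on as follows. Other test channels can be enabled the same way.
# vim /etc/yum.repos.d/docker-ce.repo
#   Change enabled=0 under [docker-ce-test] to enabled=1
#
# Installing a specific version of Docker-CE:
# Step 1: List the available Docker-CE versions: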
# yum list docker-ce.x86_64 --showduplicates | sort -r
#   Loading mirror speeds from cached hostfile
#   Loaded plugins: branch, fastestmirror, langpacks
#   docker-ce.x86_64            17.03.1.ce-1.el7.centos            docker-ce-stable
#   docker-ce.x86_64            17.03.1.ce-1.el7.centos            @docker-ce-stable
#   docker-ce.x86_64            17.03.0.ce-1.el7.centos            docker-ce-stable
#   Available Packages
# Step 2: Install the chosen Docker-CE version (VERSION is, for example, 17.03.0.ce-1.el7.centos from the list above)
# sudo yum -y install docker-ce-[VERSION]

2. Binary installation

[root@c7-docker-node1-71 ~]# wget https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-19.03.10.tgz
[root@c7-docker-node1-71 ~]# tar xf docker-19.03.10.tgz 

[root@c7-docker-node1-71 ~]# cp docker/* /usr/bin/

[root@c7-docker-node1-71 ~]# dockerd &>/dev/null &

[root@c7-docker-node1-71 ~]# docker version
Client: Docker Engine - Community
 Version:           19.03.10
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        9424aea
 Built:             Thu May 28 22:11:50 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.10
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       9424aea
  Built:            Thu May 28 22:18:15 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Create the service files

[root@c7-docker-node1-71 ~]# groupadd docker

# This service file is tedious to write by hand; it is easier to copy it over from another node where Docker was installed with yum
[root@c7-memcached-61 ~]# scp /lib/systemd/system/docker.service root@172.29.7.71:/lib/systemd/system/
[root@c7-memcached-61 ~]# scp /lib/systemd/system/docker.socket root@172.29.7.71:/lib/systemd/system/
[root@c7-memcached-61 ~]# scp /lib/systemd/system/containerd.service root@172.29.7.71:/lib/systemd/system/

[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/docker.socket 
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/docker.service 
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
#OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/containerd.service 
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

#Type=notify
Delegate=yes
KillMode=process
#Restart=always
#RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
#OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

[root@c7-docker-node1-71 ~]# jobs -l
[1]+  2030 Running                 dockerd &>/dev/null &
[root@c7-docker-node1-71 ~]# kill -9 2030
[root@c7-docker-node1-71 ~]# jobs -l
[1]+  2030 Killed                  dockerd &>/dev/null

[root@c7-docker-node1-71 ~]# systemctl daemon-reload 
[root@c7-docker-node1-71 ~]# systemctl start docker

[root@c7-docker-node1-71 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-02-15 18:59:55 CST; 4s ago
     Docs: https://docs.docker.com
 Main PID: 2246 (dockerd)
    Tasks: 12
   Memory: 17.4M
   CGroup: /system.slice/docker.service
           └─2246 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.827705803+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{...dule=grpc
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.827711890+08:00" level=info msg="ClientConn switching balancer to \"pick_firs...dule=grpc
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.844174546+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.845913024+08:00" level=info msg="Loading containers: start."
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.929974315+08:00" level=info msg="Default bridge (docker0) is assigned with an... address"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.952655935+08:00" level=info msg="Loading containers: done."
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.965499382+08:00" level=info msg="Docker daemon" commit=9424aea graphdriver(s)...=19.03.10
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.965549143+08:00" level=info msg="Daemon has completed initialization"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.975641078+08:00" level=info msg="API listen on /var/run/docker.sock"
Feb 15 18:59:55 c7-docker-node1-71 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
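
The docker.socket and docker.service files shown above decide who can reach the Docker API, and members of the socket's group can start privileged containers. The following is an added example, not part of the original post, that statically checks a pair of unit files; the function names `unit_value` and `audit_docker_units` are hypothetical.

```shell
#!/bin/sh
# Added example: static check of the two unit files that control access
# to the Docker API socket.

# unit_value FILE KEY
#   Prints the last value assigned to KEY in a unit file.
unit_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_docker_units SOCKET_UNIT SERVICE_UNIT
#   Prints WARN/INFO lines; exit status is 1 when any WARN was printed.
audit_docker_units() (
    warn=0
    listen=$(unit_value "$1" ListenStream)
    mode=$(unit_value "$1" SocketMode)
    group=$(unit_value "$1" SocketGroup)
    start=$(unit_value "$2" ExecStart)

    case $listen in
        /*) ;;  # absolute path: a unix socket, reachable only from this host
        *)  echo "WARN ListenStream=$listen is not a unix socket path"; warn=1 ;;
    esac
    case $mode in
        "") echo "WARN SocketMode unset, systemd default is 0666"; warn=1 ;;
        *0) ;;  # last octal digit 0: no access for "other"
        *)  echo "WARN SocketMode=$mode lets other users reach the socket"; warn=1 ;;
    esac
    case $start in
        *tcp://*)
            case $start in
                *--tlsverify*) ;;
                *) echo "WARN dockerd listens on TCP without --tlsverify"; warn=1 ;;
            esac ;;
    esac
    # Anyone in this group can drive dockerd, which is root-equivalent.
    [ -n "$group" ] && echo "INFO socket group '$group' has full API access"
    return "$warn"
)

# Stand-alone run against the installed units, if present.
u=/lib/systemd/system
if [ -r "$u/docker.socket" ] && [ -r "$u/docker.service" ]; then
    audit_docker_units "$u/docker.socket" "$u/docker.service" || true
fi
```

For the unit files on this page the check prints only the INFO line for the `docker` group.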
